Release of 7.0.0

@op-ct op-ct released this 20 Oct 20:46
· 11 commits to master since this release
c24a57c

BREAKING CHANGES

  • simp kv:
    • Updated the simp kv command suite to work with simp-simpkv
      Puppet module version >= 0.8.0.
      • simp-simpkv 0.8.0 changed how global keys are accessed.
      • Only impacts sites that explicitly enabled the experimental
        simpkv capability.

Changed

  • simp config:
    • The LOCAL sssd domain is no longer needed for sssd to start. The
      sssd::domains value is now only set if the SIMP server is the LDAP server.
    • Updated LDAP configuration to use 389ds, when the SIMP server is the LDAP
      server and is on EL>7.
      • Configures the LDAP server to be the SIMP 389ds accounts instance
      • Configures the LDAP client to communicate with the 389ds server.
    • Moved the mechanism to set the SIMP server's grub password to Puppet.
      • The password is now set via simp_grub::password instead of
        grub::password.
    • Configure simp_options::ntp::servers instead of deprecated
      simp_options::ntpd::servers.
    • Bumped .gemspec dependencies to mitigate CVE-2020-8130 and
      CVE-2017-8418
    • Changed set/get from master to server in updates to the puppet
      configuration
    • Changed the check for puppetserver running from a fragile CRL query to the
      actual status endpoint and moved from curl to native net/http

Added

  • simp config:
    • Added option to configure a local user with ssh and sudo privileges
      to prevent server lockout, when SIMP is not installed from ISO.
      • Especially important for cloud instances when the user does not have
        console access.
      • Specified local user will be created if not already present.
      • If the specified local user exists and has authorized ssh keys, the keys
        will be copied to /etc/ssh/local_keys/, the default location of local user
        ssh authorized key files in SIMP.
        IMPORTANT: Any future updates to a user's ssh authorized key list must
        be made to the user's file in /etc/ssh/local_keys/.
    • Set the NTP server defaults for ntpd and chronyd.
      simp_options::ntp::servers is intended to be the default NTP server
      settings for a SIMP system, regardless of whether it uses ntpd or
      chronyd. However, the chrony module does not use simp_options,
      because it is not a SIMP-maintained module. To work around this,
      simp config was updated to set chrony::servers to an alias of
      simp_options::ntp::servers in hieradata.

Fixed

  • simp config:
    • Fixed a bug in which running simp config multiple times could result in
      multiple /etc/hosts entries for the puppetserver.
    • Check for both ntpd and chronyd settings when determining the OS defaults
      for simp_options::ntp::server, not just ntpd settings.

Removed

  • simp CLI:
    • Dropped support for Puppet 5
    • Removed support for EL6
    • Removed management of puppetdb components since it is no longer enabled by
      default.